Forgot your password?
typodupeerror
Encryption Security Communications

Italian Phone Taps Spur Encryption Use 176

Posted by kdawson
from the what-is-the-frequency-kenneth dept.
manekineko2 writes "This article in the NYTimes discusses how a recent rash of high-profile mobile phone taps in Italy is spurring a rush toward software-encrypted phone conversations. Private conversations have been tapped and subsequently leaked to the media and have resulted in disclosures of sensitive takeover discussions, revelations regarding game-fixing in soccer, and the arrest of a prince on charges of providing prostitutes and illegal slot machines. An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now. As a result, encryption software for mobile phones has moved from the government and military worlds into the mainstream. Are GSM phones in the US ripe for a similar explosion in the use of freely available wiretapping technology, and could this finally be the impetus to for widespread use of software-encrypted communications?"
This discussion has been archived. No new comments can be posted.

Italian Phone Taps Spur Encryption Use

Comments Filter:
  • Nice thing (Score:5, Interesting)

    by crunzh (1082841) on Tuesday May 01, 2007 @07:51AM (#18938835) Homepage
    It would be really nice if that came standard in cellphones (Properly just a empty dream). But maybe a plugin for windows mobile and symbian handsets could be possible.
    • Re: (Score:2, Interesting)

      by cl191 (831857)
      I don't really know much about voice encryptions, but does the regular "dumb" phones even have enough power to do voice encryption?
      • Re: (Score:2, Interesting)

        by crunzh (1082841)
        The dumbest phones properly don't but for example the recent nokia smartphones are pretty widespred where I come from and they should have the power to do it. Heck they can dop videocalling so why not encryption of regular calls.
        • Re:Nice thing (Score:5, Informative)

          by smilindog2000 (907665) <bill@billrocks.org> on Tuesday May 01, 2007 @09:08AM (#18939419) Homepage
          Software or hardware encryption of streams using ARC-DROP(768) seems plenty secure for real world applications, and the inner loop is only about 10 lines of code to process 1 byte. At voice speeds, your average $0.25 microcontroller should have plenty of horsepower, so long as it's got 256 bytes of RAM. I've built a simple file encryptor at tinycrypt.sf.net based on it. Let me know if you find any bugs!
      • Re: (Score:3, Informative)

        by squiggleslash (241428)

        Yes, all GSM phones since the Motorola International 3200 (the first) do encryption. It's part of the spec.

        The problem is that the algorithms have always been less than ideal due to government paranoia. And sometimes it's switched off. And it's not end-to-end, it's just handset to basestation/basestation to handset.

        It's still hard to tap a specific GSM phone by pulling signals from the air, but it's obviously easier than it should be.

    • Re: (Score:3, Informative)

      by tronicum (617382) *
      Just use a cryptophone [cryptophone.de] or their free Windows Software.
      • Indeed, and a nice thing about cryptophone is that they apparently provide protocol specs and invite others to be compatible (it would have to be reimplemented though).

        There has also been talk of encrypted call support (would be nice if compatible with cryptophone, considering the published protocol) in OpenMoko, the open GNU/Linux-based phone OS, though no real work as of yet (hopefully only because the developer sales of the Neo1973 devices haven't properly started on schedule).

        It is just a question of so
        • by mrcaseyj (902945)
          I heard that in the US there is a law against encrypted phones that can't be tapped by the government. I'm not sure how software like cryptophone gets around it, but I guess it's because it's not an actual phone but just software on a computer. This rules out OpenMoko being sold with voice encryption installed, but it may be possible to install it after purchase.

          Of course the government could probably hack your phone any time they want, but on an open source phone they would probably have to use a great d

    • It does! (Score:4, Informative)

      by bWareiWare.co.uk (660144) on Tuesday May 01, 2007 @08:19AM (#18939027) Homepage
      http://en.wikipedia.org/wiki/A5/1 [wikipedia.org]

      It can be broken, but considering the power of early GSM handsets this was quite an effective system. One of the major factors driving G2 (digital) phones was the easy of eavesdropping on the old analogue G1 network.

    • Cordless phones too (Score:1, Interesting)

      by Anonymous Coward
      No matter how hard I look, I can't find a cordless phone with encryption. Ten years ago this wasn't so difficult to do. It seems after congress passed a law banning evesdropping on phones the industry just gave up on encryption. Hopefully this will reignite the use of cryptography in cordless phones.
    • by dynamo (6127)
      Actually, if it came standard in cellphones, you couldn't trust it to really be encrypted. To prevent easy institutionalized monitoring, you have to have an encryption layer under the COMPLETE control of the people talking. That way you know there are no secret extra keys etc.. that others could remove.

  • Companies first (Score:3, Interesting)

    by sckeener (137243) <sterling.texaskeeners@org> on Tuesday May 01, 2007 @07:56AM (#18938867)
    I doubt it'll break into the public domain any time soon.

    Here at Chevron we encrypt our Blackberries, both on the unit and during transmission. If the Blackberry is lost, the data is safe because of the encryption.

    I don't see it happening for the public unless the carrier provides the service and then wouldn't the government just request the carrier to give them access?
    • Re:Companies first (Score:4, Informative)

      by Dr_Barnowl (709838) on Tuesday May 01, 2007 @08:29AM (#18939095)
      If the carrier is just that, a carrier of data, it doesn't matter what the carrier does, you can establish an encrypted link without it's involvement beyond moving the data.

      Making the carrier the sole means of key exchange would be the only way to give them access (they could perpetrate a man-in-the-middle attack). But if you are able to meet physically with your call partner, or exchange keys through an alternate secure medium, the intermediary would have no cheap means of intercepting.

      Only one-time pads are unbreakable, and using one-time pads makes key exchange *much* less secure. But public key methods are enough to make it very hard to break a single transmission. Programs like ECHELON would be utterly stuffed.

      And of course, if you have a mobile data plan with more than a few kBit/s of bandwidth, this is entirely possible now, as demonstrated by these Italian chappies.

      Blooming heck though - $410 for their SMS encryption package and $2,200 for the voice version. I'm willing to bet that even with patent licensing, the per unit cost is very small. I could probably write Windows Mobile software to do encrypted SMS in a day or so, and I'm no encryption whiz.
      • Re: (Score:3, Informative)

        by Dr_Barnowl (709838)
        To confirm this, I was able to find two suppliers of encryption software for SMS in the UK.

        http://kryptext.com/faq.html [kryptext.com]
        This downloadable product (£6.99 per phone) can't be very secure, as the manual has no key exchange protocol in it. I suspect that it uses hashed data to derive keys (or has a fixed key), probably phone numbers. It's very cheap, and certainly sufficient to hide data from your spouse, but a determined assault on their algorithm will probably open it up like a book.

        http://www.emosecure. [emosecure.com]
    • by el_flynn (1279)
      Well, TFA was really more ocncerned about securing the GSM voice channel rather than the data stored on your Blackberries, or data trasmission to/from those devices. Totally different thing.

      Plus, if the carrier were providing the scrambling services, both endpoints would still be vulnerable from its physical location up to wherever the nearest base station is -- and that's typically where you'd really want to tap the conversation, especially if you knew the cellco was encrypting it from base station onwards
  • Key Exchange? (Score:1, Interesting)

    by bernywork (57298) *
    How would you go about key exchange?

    Really, you need to ensure that your public keys don't get intercepted as if you sent them via SMS or otherwise. Considering the fact that you aren't trusting the network any longer, it means that you couldn't pass keys across it either.

    So if you wanted a secure key exchange, you would probably have to meet someone or another trusted person and do a key exchange that way, IR would probably workk.

    I guess email could work too.
    • Re:Key Exchange? (Score:5, Interesting)

      by jez9999 (618189) on Tuesday May 01, 2007 @08:00AM (#18938895) Homepage Journal
      Why would it be a problem? Only private keys ca be used to decrypt data. Unless you were concerned about the man-in-the-middle just rewriting the data to say something else, but it's hard to imagine how they'd do that to a live voice conversation.
      • Re: (Score:3, Interesting)

        by jimstapleton (999106)
        In certain situations, a phone might have a bit of 'echo' (the reciver picks up a bit from the speaker). How much of a help could this echo be, in conjunction with a public key, to help identify the private key?
        • Basically, for the well proven schemes, this is of little help. The algorithms that have stood the test of time and public scrutiny generally are resistant to both man-in-the-middle attacks (though there are still LOTs of security issues, like trusting you are talking to who you think you are) and chosen-plaintext attacks. Knowing that there is echo has to be of less use to a cryptanalyst than the ability to choose the plaintext and view the encrypted results. Also, knowing the public key doesn't combine
      • by lachlan76 (770870)
        If there's a standard key-distribution scheme, then they could just replace the public key with their own and use a man-in-the-middle attack.
        • If there's a standard key-distribution scheme, then they could just replace the public key with their own and use a man-in-the-middle attack.

          You don't seem to know how pgp works. If they replace your pk with their own, your secret key would not be able to decrypt the conversation.
          • by lachlan76 (770870)

            You misunderstand. When the key transfer happens, they do as follows:

            1. Store the public key.
            2. Send a different public key that corresponds to a private key that is available to them.

            Then, when someone tries to send some encrypted data over the network:

            1. Decrypt the data with the private key that corresponds to the false public key that is now in the possession of the sender.
            2. Re-encrypt it with the public key that was supposed to be sent, and send it to the recipient.

            PGP depends on the availability

    • Re:Key Exchange? (Score:5, Informative)

      by jrumney (197329) on Tuesday May 01, 2007 @08:02AM (#18938911) Homepage
      It's a fundamental feature of public key encryption that public keys can be exchanged in the clear without compromising security.
      • How do I know that the public key I'm presented with belongs to you and not some man-in-the-middle? Clearly you don't want a central agent (like a CA) be in control of trust, because the problem here is the central control over encryption in the 1st place.

        A workable solution would be to accept public keys like you do with SSH. Once you have a connection you can verify the thumbprint (or babbleprint) with the other party using your voice, and move on to sensitive discussions if the keys check out. You'd only
        • by jrumney (197329) on Tuesday May 01, 2007 @08:38AM (#18939149) Homepage

          Clearly you don't want a central agent (like a CA) be in control of trust, because the problem here is the central control over encryption in the 1st place.

          A CA is not in central control over encryption. They are only in control of authenticating keys. The only way they can subvert the encryption process is to issue matching (in details, but not in keys) certificates to you and the man in the middle. If they were to do this, it would be detected quickly, and their reputation as a trusted CA would suffer.

          • by Kadin2048 (468275)
            If they were to do this, it would be detected quickly, and their reputation as a trusted CA would suffer.

            Why do you assume that it would be detected quickly?

            If it was issued in secret, say via a NSL, and the people running the MITM were competent, it might take a very long time to discover.
            • by jrumney (197329)

              Why do you assume that it would be detected quickly?

              Because switched keys are easy to detect, and enough people are paranoid about these things that there are plenty of eyes watching for it.

          • by Marton (24416)
            A CA is in control over a small part of the process that makes it possible for them (or anyone having a copy of their private key) to perform a MITM attack on any web browser without the user having a clue. You're right, done on a large scale it'd be caught quickly but if the attacker is being careful and only spoofs a few people he's interested in: nobody will ever know. After all, when was the last time you compared your favorite HTTPS site's certificate to the one you saw during your previous visit? Do y
        • by EllisDees (268037)
          I believe the zphone (from Phil Zimmerman) gets around this by displaying some sort of hash that you can actually say to the other person on the line once the call has been connected. If your hash doesn't match what it should be, there could be a man in the middle.
      • The AC that replied is correct: you need an authentication step as well, or you don't know whether you are talking to the person who you thought you were (the alternative is that you are talking to them via some man-in-the-middle).

        The only way that I know of to stop these attacks is to have a *trusted* public key of everyone that you want to phone. The only way to get that trust is to verify somehow (perhaps by meeting up with them) that the key you have listed for them is in fact their key.

        Actually,

        • by Kadin2048 (468275)
          The only way that I know of to stop these attacks is to have a *trusted* public key of everyone that you want to phone. The only way to get that trust is to verify somehow (perhaps by meeting up with them) that the key you have listed for them is in fact their key.

          Actually, for telephone conversations it would even be possible to speak a few digits of the key and see if the person on the other end agrees. You couldn't do this for a text protocol, because it would be trivial for the man-in-the-middle to subs
    • by Stooshie (993666)

      ... you need to ensure that your public keys don't get intercepted ...

      ahem, there is a reason they are called public keys.

    • by davecb (6526) *

      Over ten years ago a colleage and I were asked to propose just such an encrypted phone, using what was then a new technique, public/private key pairs for the key exchange. The phones were to be "seeded" with an intial public-key repository's key.

      --dave

    • by Secrity (742221)
      Why not just call them and trade the keys using Pig Latin?
    • Wow, my head is still spinning after reading the flurry of comments in response to the sibling posts, and responses to those, ad infinitum. Maybe if I summarize stuff here, we can all get on the same page and move on. All the Public Key Encryption (PKE) problems have been addressed in systems like PGP/GPG and SSH, etc. I have to remember that not everyone is familiar with this, and the number of queries about "but wouldn't this or that be insecure?" is a reminder of the fairly substantial problems which
      • That was very informative, and I hope you get modded up to five. It's nothing original of course, but being able to condense long-known information that people should be aware of (but aren't), into something understanable, is itself difficult.

        With respect to making talk of PKE easier to understand, I've never understood why, other than history, they use the term "public key". It seems a "public key" is more analagous to a physical lock than a physical key. When you apply a public key, you are, in essence
    • In public/private key (e.g. GPG/PGP) crypto, it doesn't matter who gets the public key... that's why they're PUBLISHED on key servers and web pages and I've seen them in e-mail sigs and even Usenet sigs. Having the public key means you can send someone a message, not read his mail.

      Of course, securing your private key is your problem.
  • Italy & US (Score:3, Informative)

    by Anonymous Coward on Tuesday May 01, 2007 @07:57AM (#18938877)
    Under US law, such a tap is illegal. There are some encrypted channels for cel phone conversations in America, but they have been mostly phased out because of the lack of consumer demand. In the US, such a tap is illegal. Even if such inflamatory behaviors were discovered, the person who did the tap would not disclose it as it would highlight personal illegal activities. Note that there is nothing that the technology is doing to prevent it.

    On the other hand, wireless phones in the US typically do use encryption because they operate in the same frequency range as other devices (cel phones have their own dedicated frequency range). When baby monitors started picking up the conversations down the street, people took notice.

    • Re:Italy & US (Score:5, Informative)

      by jonwil (467024) on Tuesday May 01, 2007 @08:17AM (#18939013)
      I believe the GSM standards actually mandate encryption. However, such encryption isn't going to do very much to protect you from wiretaps if the wiretapper has the permission from the carrier.

      OpenMoko (or other communications platform with open software) + VoIP + AES encryption + Diffie-Hellman (or use RSA and public key cryptography) is the solution if you REALLY need to keep your stuff secret.
      Even the NSA doesn't have enough computing power to decrypt THAT. And, the same solution could run on a PC or anything else with enough CPU power.
      • Re: (Score:3, Insightful)

        by el_flynn (1279)
        Even the NSA doesn't have enough computing power to decrypt THAT

        Yes, of course. Until you realize, at the end of the conversation, that the NSA's already bugged the room you're talking in.
      • Re: (Score:3, Interesting)

        by gambit3 (463693)
        Actually, the GSM standard DOES mandate the ability to tap cell phone conversations at the network provider level. I should know. I worked for 6 years for a GSM network equipment maker, and I was actually part of the team that tested the functionality of this "feature". It is called CALEA, and it will record not only every detail of the call, but even every button pressed during the call. And it was completely transparent to both ends of the call. That was one crucial aspect of this "feature" that was test
        • When I worked at Nextel, the "Guys in Suits" had a server set up in our transport room (where the OC-92 and other fiber came in to the demarc). We had no real input, but one person (not me) was responsible for admin of it (in case it needed reboot, etc). It's now able to be public, but we had to keep it hush-hush that there was no way to tap Direct Connect for quite some time. It's able now, but it was more difficult with Direct Application Processors (DAP - used to process Direct connect traffic). Next

        • Re: (Score:3, Interesting)

          by anothy (83176)
          CALEA is a US-only term; the more generic industry term is Lawful Intercept; while CALEA is reasonably representative and your comments hold true for every Lawful Intercept regulation i know anything about, the specifics vary by jurisdiction. this is a current issue for folks looking at deploying WiMAX services/networks, my current area of focus. it's a major hassle, and once you offer a plain data pipe as a service option, it's futile, since genuine "bad guys" can simply employ end-to-end encryption and bu
      • Re:Italy & US (Score:4, Interesting)

        by mpe (36238) on Tuesday May 01, 2007 @09:01AM (#18939353)
        I believe the GSM standards actually mandate encryption. However, such encryption isn't going to do very much to protect you from wiretaps if the wiretapper has the permission from the carrier

        The encryption is only between the handset and basestation. If people have the ability to make "legal" taps it wouldn't even help with a call between two phones connected to the same basestation.
        You'd need end to end encryption which would also require you to establish a "data" call, which could well be charged differently from a "voice" call.
        • You actually could do it with a voice call (use modems). You could even do it by hand using morse code (or a higher order encoding) using button presses. Assuming strong enough encryption this would be unbreakable, and there would be no voices to determine who called whom (though it might be prudent to disconnect the microphone).
  • Wooohooo! (Score:2, Funny)

    by mobby_6kl (668092)
    Hookers and blackjack! This prince guy must have one shiny ass.
    • by orzetto (545509)

      He's not just any prince. He's Vittorio Emanuele [wikipedia.org], prince of Naples (a title he holds illegally, actually, since nobility titles are no longer valid in Italy), a thoroughly idiotic fellow, a murderer (who got away with that and bragged about having "screwed the judges"), an anti-semite who said that the racial laws passed by his grandfather [wikipedia.org] "were not that terrible", an arms dealer who was friend with Shah Mohammed Reza Pahlavi [wikipedia.org], dictator of Persia.

      Hookers and blackjack are peanuts in his line of business, bu

  • Awaiting laws passed in Italy that ban the use of encrypted cell phones in 3....2....1...
  • Worried now? (Score:4, Interesting)

    by Baavgai (598847) on Tuesday May 01, 2007 @08:17AM (#18939015) Homepage

    An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now.

    Why on Earth would you ever discuss sensitive information on the phone before? There's always been phone tapping tech. It's only the laws for that technology's usage that protected anyone from it. You never say anything on the phone that you wouldn't say to a cop. If you don't know that rule, you're a pretty inept criminal.

    • Re: (Score:3, Insightful)

      by ianezz (31449)

      Why on Earth would you ever discuss sensitive information on the phone before? There's always been phone tapping tech. It's only the laws for that technology's usage that protected anyone from it. You never say anything on the phone that you wouldn't say to a cop. If you don't know that rule, you're a pretty inept criminal.

      • by no means discussing "sensitive" information does imply underlying illegal activities (even if it is the case sometimes);
      • there are a lot of details everyone would tell a cop if requ
  • by gambit3 (463693) on Tuesday May 01, 2007 @08:23AM (#18939057) Homepage Journal
    Quite simply, one of two things would prevent encrypted cell phones from becoming successful in the US:

    1. The government would simply make it illegal (don't want to give the terrorists any new tools).

    2. The government would require a backdoor be built in by manufacturers, defeating the purpose.
    • by jez9999 (618189)
      If everyone was using OSS encryption, en masse, how would the government enforce these two points? Mind you, I do realise that the US has tragically jailed huge numbers of people for using cannabis. I guess I wouldn't put much past a government that's retarded and evil enough to do that. :-(
      • by jimicus (737525)
        If everyone was using OSS encryption, en masse, how would the government enforce these two points?

        They may be using OSS software but they sure as hell aren't connecting an openly-developed phone to a GSM mobile network. If you can't trust your own hardware, I really don't see how you can trust software which runs on it.
      • They'd demand the keys under the auspices of a recently passed bullshit law. If you don't give them up, you're jailed for contempt of court.

        Be nice...because they might name you a terrorist and then you magically lose your habeus corpus rights!

        But, we're safe from terrorists!
      • Everyone ISN'T going to use OSS encryption. Everyone is going to get their phone via their carrier or Motorola, Samsung, etc. They won't be allowed to sell phones unless they allow the US Stasi^H^H^H^H^HGovernment to snoop.
    • by Isao (153092)
      #2 is already in place. CALEA [wikipedia.org] is a law that requires telecom carriers to provide law enforcement with access to call data, including content. Simply put, any encryption that a provider would put in place would have to be made interceptable by law enforcement.

      Interestingly, this moves the target for unlawful intercepts from the user communication path to the CALEA intercept equipment itself, which is often very poorly protected.

      • Re: (Score:3, Interesting)

        by h4ck7h3p14n37 (926070)

        I work for a telecom provider (mostly hosting of SIP apps) and we are not required under CALEA to provide access to law enforcement. Rather, the telco carriers that _we_ use, like AT&T, Qwest, etc. are required to provide access. What that means is that we could offer customers a VPN connection to our network, give them a soft-phone and ensure that their SIP traffic remains encrypted. You'd probably have to do SIP to SIP since I don't know how you'd encrypt the PSTN leg of the call.

        Cell phones wou

    • by k1e0x (1040314)
      I agree but.. Isn't that one thing?

      1. Government

      "Oh sure you can have a private conversation.. except we need to listen.. just in case your.. you know.. dissenting or something."

      I wonder if people started using e-mail encryption enmass if they would stop that too?
  • For a very long time (Score:4, Interesting)

    by kilodelta (843627) on Tuesday May 01, 2007 @08:28AM (#18939083) Homepage
    Law enforcement has had the ability to tap in and monitor cellular communications.

    In the days of AMPS and NAMPS it was a piece of cake. Friend of mine worked in IT for the local PD and was able to get a scanner that wasn't 800-900 blocked, and a little card and software for the computer that allowed us to follow calls as they went from cell to cell.

    CDMA and GSM just throw a little wrinkle in.
  • by iceco2 (703132) <meirmaor@NOspam.gmail.com> on Tuesday May 01, 2007 @08:32AM (#18939113)
    Though in the acedmic circles, serious flawa with GSM encryption
    have been found they are still not all that trivial to implement.

    The main work on attacking GSM in a practicle scenario was done by
    Elad Barkan with the help of Eli Biham and Nathan Keller.

    to briefly explain the security you must notice there are diffrent variants for
    GSM encryption the weak one being A5/2 anf A5/1 and A5/3 being considarbly stronger.

    breaking A5/1 in a passive attack requires a significant amount of precomputation and storage
    that though one could buy of the self, I find it unlikely any private citizen will set up
    a cluster of two dozen computers to crack GSM for the fun of it, though obviously a large
    evil corparation or a small company would easily have the resources.

    an active attack could convince a cell phone to use A5/2 even if it prefers A5/1 or a diffrent variant,
    this requires more specialized equipment and it easier to catch the attacker as he must be sending out
    radio signals, these may also interfere with normal cellphone traffice.

    This is just to put the threat into proportion,
    your own govement can wiretap without breaking encryption,
    A serious enemy can probably muster up the resources to wiretap by breaking GSM encryption
    but your next door neighboor will probablby find it exremly difficult to listen in on encrypted GSM cell
    phone traffic.

        Me.
    • Re: (Score:3, Interesting)

      by mobileTen (750885)
      An attack is very simple. You need to implement a Man in the Middle Attack. All you need to do is have your own base station. Low power base station are becoming cheaper, even to the extent that they are being put into aircraft. There is no authentication under GSM of the base station. The base station can switch encryption on and off between the base station and the phone. The phone will not warn you that encryption has switched off! Therefor to eavesdrop on a phone, when you can not get a tap at an exch
    • ... breaking A5/1 in a passive attack requires a significant amount of precomputation and storage that though one could buy of the self, I find it unlikely any private citizen will set up a cluster of two dozen computers to crack GSM for the fun of it, though obviously a large evil corparation or a small company would easily have the resources.

      A "cluster of two dozen supercomputers"? How much is that in graphics processors on video cards?

      (How about on one-generation-back video cards that the stores are sel
  • by Anonymous Coward on Tuesday May 01, 2007 @08:37AM (#18939145)
    I'veway eenbay usingway oicevay encryptionway orfay earsyay.
    It'sway easyway andway otallytay onfusescay anyway
    eavesdroppersway.
  • by Aceticon (140883) on Tuesday May 01, 2007 @08:41AM (#18939169)
    Is the encryption software open-source?

    If not, how do we know that it doesn't have a back-door?

    And if it does indeed have a back-door, how can people ever be sure that the "wrong" people (definition of "wrong" depending on the user) will not intercept and decode the communications using said back-door?

    In this world of powerfull Intelligence Agencies, any kind of communications security software/hardware which is not at the very least peer-reviewed is bound to have some sort of backdoor.
    • Is the encryption software open-source? If not, how do we know that it doesn't have a back-door?

      back doors in proprietary software? that's unpossible!

  • Get a CryptoPhone (Score:5, Informative)

    by mwilliamson (672411) on Tuesday May 01, 2007 @08:44AM (#18939215) Homepage Journal

    It looks like a firm in Germany already offers a AES-256 bit encrypted mobile and POTS phone, as well as a softphone. Although their hard phones aren't cheap, the softphone is free to give to your contacts. http://www.cryptophone.de [cryptophone.de] They alse include source code for "full independent review" with their products.

    Similarly, Phil Zimmermann, the creator of PGP has released his Zphone [zfoneproject.com] to make encrypted VoIP calls. Also, the Asterisk project offers an encrypted IAX channel [voip-info.org].

  • by blantonl (784786) on Tuesday May 01, 2007 @09:13AM (#18939487) Homepage
    Are GSM phones in the US ripe for a similar explosion in the use of freely available wiretapping technology, and could this finally be the impetus to for widespread use of software-encrypted communications?"

    Unless I'm missing something, there certainly is not any freely available wiretapping technology for GSM phones and networks. There are a few vendors that sell very expensive GSM tapping and over the air capture devices and platforms, but they are extrememly expensive and only for sale to authorized buyers (law enforcement, military, and feds)

  • What about Skype? (Score:2, Insightful)

    by Bearhouse (1034238)
    They claim that communications are end-to-end encrypted, although they don't publish the source code, so hard to verify for backdoors etc. They have a client available for mobile devices - you can then call from any hotspot. Free, too, unless you take or make calls to/from normal lines (which are then, of course, not encrypted).

    An another point, some of the posts here seem to be missing the point - the Italian wiretaps involved not just the state, but also illegal snooping done by powerful individuals, co
  • America learn from other nations? LOL, that'll be the day. We would have to pay attention to national news for that to happen.

Their idea of an offer you can't refuse is an offer... and you'd better not refuse.

Working...